Date:30/06/16
Users of some to the best known online security tools are being warned that their antivirus software may have been hacked.
The news comes after a Google security researcher revealed that he found a series of high severity vulnerabilities in both commercial and consumer products from antivirus software firm Symantec, which hackers could easily exploit to take control of computers.
The vulnerabilities were discovered by Tavis Ormandy, a security researcher from the Project Zero team at Google, whose job it is to highlight flaws and the poor state of antivirus software.
Writing on the official Project Zero blog, Ormandy described the vulnerabilities as “as bad as it gets” after discovering 25 flaws that are affecting Symantec and Norton products.
“These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.
In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Worst affected are Norton Antivirus for both Windows and Mac, including Norton 360, as well as a wide range of Symantec products such as Endpoint, Email Security and Protection Engine.
Ormandy describes the flaw as a “wormable vulnerability with potentially devastating consequences to Norton and Symantec customers,” and says that simply emailing a file to someone or sending them a link could be enough to spread the malware if it has already infected your computer.
Symantec has since said that it is aware of the problem and has issued security patches, the full details of which can be found here.
The security patches should update automatically, especially for anyone running a Norton Antivirus product, although some of the patches for enterprise users need to be installed by an administrator.
Ormandy claimed that the flaws were made possible because Symantec fell well short when it came to security protection on their own software.
Ormandy also claimed that in some cases Symantec had used the same code, which was from open source libraries for more than seven years, having themselves failed to install the necessary security and bug patches in all that time.
Security flaw in Symantec and Norton Antivirus “as bad as it gets” – millions of users left exposed
Users of some to the best known online security tools are being warned that their antivirus software may have been hacked.The news comes after a Google security researcher revealed that he found a series of high severity vulnerabilities in both commercial and consumer products from antivirus software firm Symantec, which hackers could easily exploit to take control of computers.
The vulnerabilities were discovered by Tavis Ormandy, a security researcher from the Project Zero team at Google, whose job it is to highlight flaws and the poor state of antivirus software.
Writing on the official Project Zero blog, Ormandy described the vulnerabilities as “as bad as it gets” after discovering 25 flaws that are affecting Symantec and Norton products.
“These vulnerabilities are as bad as it gets. They don’t require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible.
In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption.”
Worst affected are Norton Antivirus for both Windows and Mac, including Norton 360, as well as a wide range of Symantec products such as Endpoint, Email Security and Protection Engine.
Ormandy describes the flaw as a “wormable vulnerability with potentially devastating consequences to Norton and Symantec customers,” and says that simply emailing a file to someone or sending them a link could be enough to spread the malware if it has already infected your computer.
Symantec has since said that it is aware of the problem and has issued security patches, the full details of which can be found here.
The security patches should update automatically, especially for anyone running a Norton Antivirus product, although some of the patches for enterprise users need to be installed by an administrator.
Ormandy claimed that the flaws were made possible because Symantec fell well short when it came to security protection on their own software.
Ormandy also claimed that in some cases Symantec had used the same code, which was from open source libraries for more than seven years, having themselves failed to install the necessary security and bug patches in all that time.
Views: 437
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
